Presentation is loading. Please wait.

Presentation is loading. Please wait.

Architecting the Network Part 2 Geoff Huston Chief Scientist, Internet Telstra ISOC Workshop.

Published byLenard Mitchell Modified over 9 years ago

Similar presentations

Presentation on theme: "Architecting the Network Part 2 Geoff Huston Chief Scientist, Internet Telstra ISOC Workshop."— Presentation transcript:

1 Architecting the Network Part 2 Geoff Huston Chief Scientist, Internet Telstra ISOC Workshop

2 Abstract Design Router Interface design model

3 The Client Interface

4  Single Homed Clients  Permanently connected clients using any one of:  leased line  radio link  permanent modem connection  Client uses single service provider who offers the client a "default" network service  Client's networks are advertised to the Internet exclusively via the provider

5 The Client Interface  Clear demarcation of boundary between client and network is required for consistency of service  Single demarcation model is required for the network to ensure manageability and operability.  The network service should never transit a client network

6 The Client Interface  The POP Access Model  Client is responsible for CPE router and tail loop  Network Provider provides router attachment points at a number of locations  Network Boundary located at POP interface

7 The Client Interface  The Comprehensive Service Model  Network provider installs and operates CPE router and tail loop  Network provider attaches to client LAN  Network Boundary located at LAN attachment point

8 The Client Interface  The Confused Model  Network Provider installs tail loop  Network Provider installs router interface card in client router  Client and network provider operate client router simultaneously

9 The Client Interface  POP or end-to-end service model depends on:  telco bulk purchase tariff discounting  router vendor bulk purchase discounting  staff availability  client expertise levels  defined service level  Client Site service model is preferable from a commercial perspective

10 The Client Interface  You can do both POP and end-to-end  as long as all routing integrity is maintained within the POP locations for all clients  The integrity of the system is maintained within a set of "core" routers

11 The Client Interface  The client has a network with some IP addresses  You operate a network with some IP addresses  How do you join these two networks together at the IP level?  This is a ROUTING problem

12 The Client Interface

13 Choice of client boundary routing protocol  Use of RIP as Network / client boundary routing protocol? 4 simple 4 widely implemented 6 NOT applicable in all cases 6 no support for classless address exchange

14 The Client Interface Choice of client boundary routing protocol Use of RIPv2 as Network / client boundary routing protocol? 4 simple 6 not yet widely implemented 6 NOT applicable in all cases 6 no support for classless address exchange

15 The Client Interface Choice of client boundary routing protocol  Use of STATIC ROUTES as Network / client boundary routing protocol? 4 simple 4 widely implemented 4 can support classless address advertisements k requires careful design to scale 6 cannot support dynamic multi-homed connections

16 The Client Interface Choice of client boundary routing protocol  Use of Classless Client boundary routing protocol?  EIGRP - proprietary B-F Distance Vector  OSPF - IETF Std Link State  RIPV2 - IETF Std B-F Distance Vector  BGP4 - IETF Std Inter Domain Routing Protocol  Issue of clean separation between interior routing environment and client boundary routing environment may dictate use of BGP4

17 The Client Interface  A proposed client interface routing architecture  use static routes for all singly homed clients  use statics of specifics plus aggregates for multiple connections to the same provider  use BGP4 for multiply homed clients using multiple providers

18 The Client Interface Static routing (plus sink) single connection

19 The Client Interface  Dynamic Routing Guidelines  Use of inbound routing filters to preserve network integrity  prevent client advertising bogus routes  preserve integrity of client network

20 The Client Interface  Dynamic Routing Guidelines  Use of outbound static default route to simplify client routing  stability of presented service  simplicity of presented service  client sees only an external default path

21 The Client Interface Dynamic routing single connection

22 The Client Connection  Routers provide:  security capability  management capability  routing management  traffic management  service management  efficiency  integration

23 The Client Connection  SLIP / PPP implementations in hosts  cheap!  Capital price differential between hosts and router is small  Operating cost is higher using hosts as routers  use as single end host access system

24 Routing to the Client  Multiple client interfaces  split of client and provider network - multiple default paths  asymmetric routes can be generated  client network internal breakage causes black hole routing  requires careful management and clear understanding of the routing issues  need to use CIDR routing to best advantage!

25 Routing to the Client  Multiple providers  Only one provider can provide "default"  other connected providers must resort to explicit provision of routes to enumerated networks  All providers must ensure that the client is not used as a transit facility through explicit route management on the part of all providers

26 Distributed Client support  Virtual Private Network architecture issues  VPNs via filtering - unwise!  VPNs via tunnelling  VPNs via MPLS

27 Variations  Address translation technologies at the interface  Combined firewall / routing interfaces  Encryption at the interface

28 Dial Access

29 Dial Access Management  PSTN dial access  ISDN dial access Support issues are similar: user authentication and user access profile accounting and billing records infrastructure support for intermittent access

30 Dial Access Components Client Device Dial Access Server Radius Servers Mail, News servers Service Provider Network

31 Access Mechanisms  Modem banks entry level for small ISPs high management cost  ISDN Primary Rate access higher cost more reliable high manageability smaller size and power budget combine PSTN and ISDN service requirements

32 Authenticating the User  PPP component of link setup  pass authentication details to access server  access server consults Radius servers  Radius server providers answer: no / yes with profile loaded into access server  Session accounting enabled  Radius Accounting provides per session accounting at session termination

33 User Accounting  Collect session accounting record: user identification location of session service (server and port) start time duration session termination reason volume counters IP address assigned for session

34 Address Management  Address Pools configured per ISDN PRI port  Dynamic address assignment per session this has service implications, as the client cannot assume a permanent name / address association  Client LAN connection is not readily supported dynamic route filter loading is required

35 Client Services  Required Services  Mail server  POP access and account management  Proxy Domain name services  NEWS browser access  WEB server access

36 Other Services  Other services  WEB proxy systems  News servers  ftp servers  game servers ...

37 Dial Access Services  Service Intensive Environment  The Helpdesk is the major cost component of a dial access service  Highly Competitive Environment  Small startup capital costs for new players  Linking of equipment retail with access service  High service margins are now a myth

38 Dial Access Directions  commodity low margin market  virtual dial pops via L2 tunneling from CO telco port banks  QoS on dial access

39 Other Access Models  Cable  shared infrastructure  speed matching  third party ISP access  voice / data integration  integration with CATV rollout

40 Other Access Models  xDSL  non-uniform service model  speed matching  third party ISP access  PSTN impact  CATV impact  IP infrastructure impact  use existing copper infrastructure

41 Other Access Models  wireless  spread spectrum, packet radio, GSM data  high utility model  limited spectrum availability  limited coverage with LOS earth facilities  limited available bandwidth  But no wires!

Download ppt "Architecting the Network Part 2 Geoff Huston Chief Scientist, Internet Telstra ISOC Workshop."

Similar presentations

A Clash of Two Cultures ISPs and Telcos Geoff Huston.

A Clash of Two Cultures ISPs and Telcos Geoff Huston.
Architecting the Network

Architecting the Network
A Clash of Two Cultures ISPs and Telcos Geoff Huston.

A Clash of Two Cultures ISPs and Telcos Geoff Huston.
Multihoming and Multi-path Routing

Multihoming and Multi-path Routing
There are many types of WAN technologies that can be used to solve the problems of users who need network access from remote locations. We will go through.

There are many types of WAN technologies that can be used to solve the problems of users who need network access from remote locations. We will go through.
Lemonade and Mobile e- mail Stéphane H. Maes – Lemonade Intermediate meeting Vancouver, BC October 2004.

Lemonade and Mobile e- mail Stéphane H. Maes – Lemonade Intermediate meeting Vancouver, BC October 2004.
Implementing Inter-VLAN Routing

Implementing Inter-VLAN Routing
CP2073 - Networking1 WAN and Internet Access. CP2073 - Networking2 Introduction What is Wide Area Networking? What is Wide Area Networking? How Internet.

CP Networking1 WAN and Internet Access. CP Networking2 Introduction What is Wide Area Networking? What is Wide Area Networking? How Internet.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Dynamic Routing Scalable Infrastructure Workshop, AfNOG2008.

Dynamic Routing Scalable Infrastructure Workshop, AfNOG2008.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—3-1 Determining IP Routes Introducing Routing.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—3-1 Determining IP Routes Introducing Routing.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Rev A8/8/021 ABC Networks

Rev A8/8/021 ABC Networks
Architecting the Network Part 4 Geoff Huston Chief Scientist, Internet

Architecting the Network Part 4 Geoff Huston Chief Scientist, Internet
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
(Remote Access Security) AAA. 2 Authentication User named flannery dials into an access server that is configured with CHAP. The access server will.

(Remote Access Security) AAA. 2 Authentication User named "flannery" dials into an access server that is configured with CHAP. The access server will.

Similar presentations

Ads by Google